Citation: Proceedings of the 2020 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 21, pages 527–536 (2020)
Abstract. Since the introduction of the Measuring Instruments Directive 2014/32/EU, prototypes of measuring instruments subject to legal control in the European Union must be accompanied by a risk assessment, when being submitted for conformity assessment. Taximeters, water meters, electricity meters or fuel pumps form the basis for the economic sector usually known as Legal Metrology, where the development towards cheaper allpurpose hardware combined with more sophisticated software is imminent. Therefore, a risk assessment will always have to include software-related issues. Hitherto, publications about software risk assessment methods lack an efficient means to derive and assess suitable countermeasures for risk mitigation. To this end, attack trees are used in related research fields. In this paper, defense probability trees are derived from attack probability trees, well-suited to the requirements of software risk assessment and used to identify optimal sets of countermeasures. The infamous Meltdown vulnerability is used to highlight the experimental application of the method.
- EC, “Directive 2014/32/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to the making available on the market of measuring instruments,” European Union, Council of the European Union ; European Parliament, Directive, February 2014.
- M. Esche and F. Thiel, “Software risk assessment for measuring instruments in legal metrology,” in Proceedings of the Federated Conference on Computer Science and Information Systems, Lodz, Poland, September 2015. http://dx.doi.org/10.15439/978-83-60810-66-8 pp. 1113–1123.
- ISO/IEC, “ISO/IEC 27005:2011(e) Information technology - Security techniques - Information security risk management,” International Organization for Standardization, Geneva, CH, Standard, June 2011.
- ——, “ISO/IEC 18045:2008 Common Methodology for Information Technology Security Evaluation,” International Organization for Standardization, Geneva, CH, Standard, September 2008, Version 3.1 Revision 4.
- M. Esche, F. Grasso Toro, and F. Thiel, “Representation of attacker motivation in software risk assessment using attack probability trees,” in Proceedings of the Federated Conference on Computer Science and Information Systems, Prague, Czech Republic, September 2017. http://dx.doi.org/10.15439/2017F112 pp. 763–771.
- S. Mauw and M. Oostdijk, “Foundations of attack trees,” in Proceedings of the 8th international conference on Information Security and Cryptology. Seoul, Korea: IEEE, December 2005. doi: http://dx.doi.org/10.1007/11734727_17 pp. 186–198.
- M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg, “Meltdown: Reading kernel memory from user space,” in 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018., 2018, pp. 973–990. [Online]. Available: https://www.usenix.org/conference/usenixsecurity18/presentation/lipp
- P. Wang, W.-H. Lin, P.-T. Kuo, H.-T. Lin, and T. C. Wang, “Threat risk analysis for cloud security based on attack-defense trees,” in Proceedings of the International Conference on Computing Technology and Information Management. Seoul, Korea: IEEE, April 2012, pp. 106–111, ISBN: 978-89-88678-68-8.
- R. Vigo, F. Nielson, and H. R. Nielson, “Automated generation of attack trees,” in Proceedings of the IEEE Computer Security Foundations Symposium. Seoul, Korea: IEEE, 2014. doi: http://dx.doi.org/10.1109/CSF.2014.31 pp. 337–350.
- Y. Yarom and K. Falkner, “FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack,” in Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014, pp. 719–732. [Online]. Available: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom